NIST 800-171 and Cybersecurity Maturity version Certification call for Department of Defense (DoD) builders to “Mark media with important CUI markings and also distribution limitations”. A basic tenet of details security is to visually identify CUI info that calls for special protections so authorized users understand what special handling controls have to be applied. 32 CFR, component 2002, which uses to both executive, management branch agencies and also defense contractors, requires regulated Unclassified details markings to help ensure the data is secure. In this article we will walk you v the process of identify CUI information and also how to apply security CUI markings to physical and electronic media.
You are watching: It is mandatory to include a banner marking
What is CUI?
Before we destruction into how to mark controlled Unclassified Information, we should comment on how we gained here. CUI is any kind of unclassified info that through law, regulation, or government-wide policy, needs safeguarding or dissemination controls. In 2010, chairman Obama issued executive Order 13556 – regulated Unclassified details to standardize just how CUI is tackled by executive branch agencies. The executive order additionally designated the national Archives and Record management (NARA) as the executive Agent (EA) responsible because that implementing the CUI program.
See more: How Many Calories In A Bottle Of White Wine 750Ml Of Chardonnay Wine?
DoD"s Implementation the the CUI regimen
In its function as the CUI regime Executive Agent, NARA has actually issued a significant amount of guidance on exactly how to manage (i.e. Mark, copy, transport, disseminate, reuse, and destroy) CUI.
NARA maintains the CUI Registry, an digital repository because that all official information, guidance, policy, and requirements related to dealing with CUI. However, the CUI Registry right now provides a caveat:
“Agency personnel and also contractors should first consult their agency’s CUI implementing policies and program management for guidance.”
For DoD contractors, this leads us to two necessary points. The DoD has actually not yet enforced the CUI program as forced by EO 13556 and 32 CFR, part 2002. The room of Defense will implement the CUI program as soon as the Federal plan is finalized and published in ~ the federal Acquisition Regulation. Until then, the DoD will certainly identify and protect CUI every the indict in DoD hand-operated 5200.01, Volume 4. However, the DoD will likely take on NARA’s guidance prior to the finish of fiscal Year 2020, for this reason this blog post will define NARA’s standards.
The 2nd point to keep in mind, is that as soon as CUI is listed to or generated by DoD contractors, the pertinent contract documents (e.g., contract clause, declare of work, DD form 254, Security group Guide (SCG), and Cybersecurity group Guide) should identify the controls and protective measures home builders are intended to apply.